Modern networks are often used for the transfer of data and information between parties. In many instances, it is desirable for the data to be securely transmitted, for any one of a number of reasons. The data may be personally sensitive to either the sender or the receiver. The information may contain business-sensitive data and valuable trade secrets. Or, in the case of governments, it may be necessary to transfer data and information securely for operational security reasons.
In the case where the information consists of e-mails, there are many ways to send encrypted e-mails, but they all have certain drawbacks. One way is via an e-mail client such as Outlook using asymmetrical keys (i.e., each party has a public key and a private key). This approach requires special software, and each party must have a public and private key generated in advance. Another possible way to securely send and receive e-mails is to use special hardware devices, built into the network computers, to encrypt and transmit information. But when hardware devices are used for encryption, both parties must have the hardware device, which could become costly and complicated.
One way to send semi-secure information via a web browser could be for the sender to encrypt the information with a password created by the sender. The sender could store the information on a web server, somehow transmit the password to the receiver to decrypt the information, and then the receiver can retrieve and decrypt the information on the web server. Examples of websites that offer this service are Lockbin.com and LuxSci.com. The problem with this approach is that if e-mail or phone is deemed too insecure to transmit the information in the first place, then transmitting the password via the same means cannot be said to be any more secure.
Another possible implementation for secure data exchange is for two people to use a password for a long period of time; the password could be exchanged before the two parties become remote to one another. The problem with this approach is that using the same password for a long time gives a hacker a long time to attempt to guess the password. Yet another simple approach is to encrypt information with a key that is permanently stored on a server. This can become an issue, because if that one encryption key is ever compromised, all of the data stored on the server that was encrypted by that key also becomes compromised.
In view of the above, one object of the present invention is to provide architecture and methods for secure data transfer over a network that do not require any additional hardware other than what is already in place. Another object of the present invention is to provide architecture and methods for secure data transfer over a network that do not require exchange of passwords or pre-arranged encryption keys prior to transmitting the data or information. Another object of the present invention is to provide architecture and methods for secure data transfer that avoid using a single encryption key that could be used to decrypt all encrypted information stored on the server. Still another object of the present invention is to provide architecture and methods for secure data transfer over a network with the generation of encryption keys on a per-transaction basis, so that if a hacker were able to compromise an encryption key, the hacker could decrypt only a single information exchange event. Still another object of the present invention is to provide architecture and methods for secure data transfer over a network wherein the encryption key (nonce) and encrypted information are both stored on the same server network only for as long as it takes the server to delete the encryption key (perhaps milliseconds or less). These and other advantages of the invention, as well as additional inventive features, will be apparent from the description of the invention provided herein.
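The key-scope argument made in the two paragraphs above (one permanently stored server key versus a key generated per transaction) can be measured directly. The following is an added illustration, not the method of the invention described here; the function names, the sample messages, and the HMAC-SHA256 stand-in cipher are all assumptions chosen so the sketch runs on the Python standard library alone.

```python
import hashlib
import hmac
import secrets

# Stand-in cipher (assumption): HMAC-SHA256 keystream with encrypt-then-MAC.
# A real deployment would use a vetted AEAD such as AES-GCM instead.
def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def open_(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None  # wrong key or modified record
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

MESSAGES = [b"wire instructions", b"merger draft", b"payroll export"]  # constructed sample data

def store_with_server_key(messages):
    """Every record is sealed under one long-lived key kept on the server."""
    server_key = secrets.token_bytes(32)
    return server_key, [seal(server_key, m) for m in messages]

def store_per_transaction(messages):
    """Each record gets a fresh random key that is used for that exchange only."""
    keys = [secrets.token_bytes(32) for _ in messages]
    return keys, [seal(k, m) for k, m in zip(keys, messages)]

def exposed_by(leaked_key, blobs):
    """Number of stored records readable by a party holding one leaked key."""
    return sum(open_(leaked_key, b) is not None for b in blobs)

def demo():
    server_key, shared = store_with_server_key(MESSAGES)
    keys, per_tx = store_per_transaction(MESSAGES)
    return exposed_by(server_key, shared), exposed_by(keys[0], per_tx)

if __name__ == "__main__":
    print(demo())
```

The sketch covers only how far one leaked key reaches; it does not model the deletion of the key from the server shortly after use.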